1. Field of the Invention
The present invention relates to methods and apparatus that can prevent, resist, or deter reverse engineering and tampering with information such as computer software or data files during both the static and dynamic states of its presence on a system.
2. Background of the Invention
Most computer software and data found on commercially available general purpose operating systems are exposed to a threat of being reverse engineered or tampered with using widely available disassembling, de-compiling, debugging, and in-circuit emulating utilities. Despite the employment of cryptographic algorithms, hardware dongles, and software encryption, software and data remain vulnerable to security attacks. Such vulnerability exists regardless of whether the software and data are present on a computer system in a static state (such as on a hard drive or other non-volatile storage media) or a dynamic state (such as in residence in a cache memory or main memory).
For example, by taking advantage of the appropriate utilities, an attacker skilled in the art of computer security or security cracking can observe and re-assemble the instructions of a software program by tracing their execution image in memory. The attacker can further monitor and/or alter a software program's secret operations such as its interactions with physical components of a computer. The attacker can also de-compile and analyze compiled code in the static state and then alter critical sections of the compiled code to compromise security.
To increase the difficulty for an attacker to observe, understand, or modify source code, companies such as Intel and Intertrust have introduced elaborate schemes of transformation or slicing of source code. The potential pitfall of these protection schemes is that they rely on the ingenuity of their designers. Attackers, on the other hand, similarly rely on their ingenuity to reverse engineer a protector's design. Thus, the effectiveness of the protection system becomes an ingenuity contest between the protector and the attacker. Unfortunately, this fails to provide a scientific measure of how easy or how difficult it is for the ingenious protection mechanisms to be broken.
For these and related reasons, we assume that (1) all compiled code and data files are observable given the availability of commercial hardware and software utilities; (2) all elaborate schemes can be reverse engineered by ingenuity; and (3) attackers know the design of security schemes every bit as well as the designers. We believe the security of a protection system should be predictable and measurable. The most appropriate and reliable measure is probably the computation time and cost required to crack the protection system. In particular, true security lies in a predictable, large work factor for attackers. Such a work factor should be large enough to make it humanly impossible to comprehend the protected source code and data files, and exponentially time-consuming and expensive for computers to do so.